R: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1

["pinto.elia () gmail com" <pinto.elia () gmail com>]

----Messaggio originale----
Da: Andrew Morton
Inviato:  20/04/2012, 00:04 
A: Marcus Meissner
Cc: OSS Security List; security () kernel org; Sukadev Bhattiprolu; Serge Hallyn; Eric W. Biederman; Pavel Emelyanov
Oggetto: [oss-security] Re: CVE request: pid namespace leak in kernel 3.0 and 3.1


(cc's added)

On Thu, 19 Apr 2012 23:48:20 +0200
Marcus Meissner <meissner () suse de> wrote:

> Hi,
>
> we had a user, Vadim Ponomarev (ccrssaa at karelia.ru),  report a pid
> namespace leak caused by vsftpd.
>
> https://bugzilla.novell.com/show_bug.cgi?id=757783
>
> He provided a simple reproducer:
>
> #include <stdio.h>
> #include <errno.h>
> #include <signal.h>
> #include <sched.h>
> #include <linux/sched.h>
> #include <unistd.h>
> #include <sys/syscall.h>
>
> int main(int argc, char *argv[])
> {
>     int i, ret;
>
>     for (i = 0; i < 10000; i++) {
>
>         if (0 == (ret = syscall(__NR_clone, CLONE_NEWPID | CLONE_NEWIPC |
> CLONE_NEWNET | SIGCHLD, NULL)))
>             return 0;
>
>         if (-1 == ret) {
>             perror("clone");
>             break;
>         }
>
>     }
>     return 0;
> }
>
>
> and checking "cat /proc/slabinfo|grep pid_namespace"
> gives 10000 more active slots after running it on 3.0.13 (+SUSE patches) and 3.1.10 (+SUSE patches).
>
>
> Running this on 3.2.0 (+SUSE Patches) did not result in more slots, so it was probably
> fixed between 3.1 and 3.2 (but someone else cross check perhaps).
>
> Any idea welcome on which patch fixed this, I tried 1b26c9b334044cff6d1d2698f2be41bc7d9a0864
> but it seems not helping.
>
> Ciao, Marcus